ModSecurity is a powerful firewall for Apache web servers which is used to stop attacks against web apps. It keeps track of the HTTP traffic to a given website in real time and blocks any intrusion attempts the moment it detects them. The firewall uses a set of rules to do that - as an example, trying to log in to a script administration area unsuccessfully many times activates one rule, sending a request to execute a particular file which could result in getting access to the website triggers another rule, etcetera. ModSecurity is one of the best firewalls available and it'll secure even scripts that aren't updated on a regular basis as it can prevent attackers from using known exploits and security holes. Very thorough info about every intrusion attempt is recorded and the logs the firewall keeps are a lot more detailed than the conventional logs provided by the Apache server, so you can later analyze them and determine whether you need to take extra measures so as to increase the security of your script-driven websites.

ModSecurity in Website Hosting

We offer ModSecurity with all website hosting solutions, so your Internet applications shall be resistant to harmful attacks. The firewall is activated by default for all domains and subdomains, but if you'd like, you'll be able to stop it via the respective part of your Hepsia Control Panel. You could also activate a detection mode, so ModSecurity shall keep a log as intended, but will not take any action. The logs which you will find in Hepsia are incredibly detailed and offer info about the nature of any attack, when it transpired and from what IP address, the firewall rule that was triggered, etc. We employ a range of commercial rules that are often updated, but sometimes our administrators include custom rules as well so as to efficiently protect the websites hosted on our machines.

ModSecurity in Semi-dedicated Servers

ModSecurity is a part of our semi-dedicated server packages and if you decide to host your sites with our company, there will not be anything special you will have to do since the firewall is activated by default for all domains and subdomains which you add using your hosting Control Panel. If necessary, you can disable ModSecurity for a certain Internet site or turn on the so-called detection mode in which case the firewall shall still operate and record info, but will not do anything to prevent potential attacks against your Internet sites. In depth logs will be available within your Control Panel and you shall be able to see which kind of attacks occurred, what security rules were triggered and how the firewall dealt with the threats, what IP addresses the attacks originated from, and so on. We employ 2 kinds of rules on our servers - commercial ones from a business which operates in the field of web security, and customized ones that our admins occasionally add to respond to newly identified risks on time.

ModSecurity in VPS Servers

Protection is extremely important to us, so we set up ModSecurity on all VPS servers that are set up with the Hepsia CP as a standard. The firewall could be managed through a dedicated section in Hepsia and is switched on automatically when you include a new domain or generate a subdomain, so you'll not have to do anything by hand. You will also be able to disable it or turn on the so-called detection mode, so it will maintain a log of possible attacks that you can later examine, but won't block them. The logs in both passive and active modes offer information about the form of the attack and how it was eliminated, what IP address it originated from and other useful data that might help you to tighten the security of your Internet sites by updating them or blocking IPs, as an example. On top of the commercial rules which we get for ModSecurity from a third-party security firm, we also employ our own rules since every now and then we find specific attacks that aren't yet present within the commercial package. This way, we can easily improve the security of your VPS promptly as opposed to waiting for a certified update.

ModSecurity in Dedicated Servers

ModSecurity is offered by default with all dedicated servers that are set up with the Hepsia Control Panel and is set to “Active” automatically for any domain which you host or subdomain that you create on the server. In case that a web application doesn't function correctly, you could either turn off the firewall or set it to operate in passive mode. The second means that ModSecurity shall keep a log of any potential attack that could occur, but shall not take any action to stop it. The logs generated in active or passive mode shall present you with more details about the exact file that was attacked, the type of the attack and the IP it came from, and so on. This data shall permit you to decide what actions you can take to enhance the security of your sites, including blocking IPs or performing script and plugin updates. The ModSecurity rules we employ are updated regularly with a commercial pack from a third-party security enterprise we work with, but sometimes our admins include their own rules as well in the event that they identify a new potential threat.